Deploying AI On-prem? Now Secure It!

Wednesday, August 20, 2025
12:00 PM - 12:30 PM
AI Risk Summit Track 1 (Salon I)

About This Session

AI is no longer experimental; it is operational. Enterprises are deploying AI models into production applications where they interact with sensitive data, call backend systems, and make real-world decisions. The use cases might be new, but the risks are familiar. Privilege escalation, supply chain compromise, data exfiltration, and unauthorized execution now flow through a different path: the prompt.
In this session, we’ll walk through how on-prem and private AI deployments actually work, from user input to inference to tool execution. We’ll dissect the modern AI stack, illustrate where risks accumulate, and show how those risks resemble what we've long dealt with in containerized applications.
Key topics covered:
• How AI workloads show up in enterprise applications
• What a production AI transaction looks like under the hood
• Where traditional controls (SAST, DAST, firewalling) fail
• How AI risks like prompt injections can lead to familiar attack paths
• The security capabilities required to safeguard the use of AI, from container to model
We’ll focus on practical architecture and operational controls for AI workloads, especially when they are built from open-source code, exposed to user input, run in containers, and make privileged decisions. We will explore how AI deployments deserve the same baseline protections we already apply to modern applications, plus AI-specific extensions.

Speaker

Tsvi Korren

Field CTO - Aqua Security

Tsvi Korren has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the Field CTO at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.